Analysis
max time kernel: 119s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 22-04-2024 01:52
Behavioral task: behavioral1
Sample: Lua Injector Universe/NeutrinoAgent.dll
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: Lua Injector Universe/NeutrinoAgent.dll
Resource: win10v2004-20240412-en

Behavioral task: behavioral3
Sample: Lua Injector Universe/NeutrinoInjector.exe
Resource: win7-20240215-en

Behavioral task: behavioral4
Sample: Lua Injector Universe/NeutrinoInjector.exe
Resource: win10v2004-20240412-en

Behavioral task: behavioral5
Sample: Lua Injector Universe/temka.dll
Resource: win7-20240221-en
General
Target: Lua Injector Universe/NeutrinoAgent.dll
Size: 39KB
MD5: bc57e228e8b94d24d48f5e81a3dbf491
SHA1: 99a708592e7e5cbf9572e8d581e1b25365a75702
SHA256: 62a0f8dc21c73a3068220caed39b1c2c5bd176c4ea98856ecf34dc944b649e41
SHA512: a58c9f10c0fb16a0eff1dfa86b1fcd45501afefa3b22fb08f6953dba19880cc2d61ab9f607ce86bfb7cb7077f9dfc1e9e46a46b39202da97ecfc24e940336404
SSDEEP: 768:BvUJ7iuhlDFRaucM1k3+BnvXmBHpmwyvarP7rE:BcJpTFYPOBeBHpC27
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1708 wrote to memory of 2888 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 2888 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 2888 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 2888 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 2888 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 2888 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 2888 | 1708 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Lua Injector Universe\NeutrinoAgent.dll",#1
- Suspicious use of WriteProcessMemory
PID:1708
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Lua Injector Universe\NeutrinoAgent.dll",#1
    PID:2888